feat(ci): add feature branch creation and building containers on feat/*#2998
feat(ci): add feature branch creation and building containers on feat/*#2998nv-dmendoza wants to merge 3 commits into
Conversation
|
Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually. Contributors can view more details about this message here. |
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
| git commit --allow-empty -m "${COMMIT_MSG}" | ||
|
|
||
| git tag "${TAG}" | ||
| git push origin "${FULL_BRANCH}" "${TAG}" |
There was a problem hiding this comment.
The current Github ruleset setting blocks GITHUB_TOKEN from creating feat/*: only repository admins and copy-pr-bot can bypass it. We may need to create a GitHub Actions App and update the ruleset to bypass the rule.
| run: | | ||
| set -euo pipefail | ||
|
|
||
| BRANCH_NAME=$(echo "${COMMENT_BODY}" | sed 's|^/feature-branch ||' | tr -d '[:space:]') |
There was a problem hiding this comment.
Do we need to strictly validate the branch name here instead of only stripping whitespace? Git refs may contain shell special characters, and this value later becomes VERSION and is interpolated directly into run: scripts, which can lead to command injection on self-hosted runners. maybe a bounded, single-segment slug such as ^[a-z0-9]+(-[a-z0-9]+)*$ would prevent shell inject and ensure compatibility with the downstream version and Helm workflows.
Adds running CI on feature branches and
/feature-requestcommand to create properly formatted feature branches as well as containers.Feature branch containers
/feat/*to CI branch triggerspush: ${{!contains(github.ref, 'pull-request/')}}condition already handles non-PR refs.feat-, ensuring feature branches are created correctly through the/feature-branchissue commandrest-ci.ymlworkflow already handles versioning using branches/feature-request <branch name>commandUsed in issue comments to create a fresh feature branch off
mainusing<branch name>. After creation, immediately adds an empty commit referencing back to the request as well as tag the base commit of the branch for proper version generation. A commit is needed here to not affect the versions autogenerated inmain.mainwhen/feature-requestwas run (ex.v2.0.0-pr-473-g69492bf5b)v2.0.0-pr-473-feat-x)v2.0.0-pr-473-feat-x-1-g2e6dff7`ex.v2.0.0-pr-474-g191d2a35b`)Related issues
#2869
Type of Change
Breaking Changes
Testing
Additional Notes